3a7c7edac4ed39a3e1758a58e72a386ed473b5150c0eab6d96020cc330bda674

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc162b56a006088dd622eccf021aa6ef_JaffaCakes118.html
Size

8KB
MD5

dc162b56a006088dd622eccf021aa6ef
SHA1

9c086f8fc76cc171f776249302b3de48867724ff
SHA256

3a7c7edac4ed39a3e1758a58e72a386ed473b5150c0eab6d96020cc330bda674
SHA512

239a640f046bcbbcaecb7e7671c4c27b01c92715cfee6210725ea7a7d238ec97949d45bce0c0f00268c27c23bd5c5f1781e23879cf86d2d1e419b65610689669
SSDEEP

192:SI0rIkaMyQvvHVVeqX+6VqlpoAj/9zmCI:SI0Ek6Fm+6VqlpL1KCI

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3078ada4e704db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432288922"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000293102fba90a4c0c8eba5f7e0a444917088cd7e1af264c1f4476c4d474c71666000000000e800000000200002000000079ab4c72634ed7a91b991fc760f4003d89b9ef8a08056c850de63fafd13bb050200000001b37215841020d891d1d8f148add857535b0f397c95820acdced6ea44e691942400000001e738174e02db270377cdefd9f8b3030d40a837f80a523832f4d5a0896c8ec9e30e43e89838fcd223781a15d9f0646e5b11fe55cdfd4e9b294aebebec2d9bb8e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000089846bfa6a2ce0648c0aa75f9435311b31653514d4043db6f39370e57dc96644000000000e80000000020000200000004eb1b7c7ee370cd53a1c9bda994175ed43a266220489ea79d1c93ea76d2760369000000049de3dd98ac356b99de796cf740ff54887ec79664f4ea63366dfc6c64a249b42f2fe900a06168fded480eb9cade73567b249c40d16e5139d3867ea36879c405bc5659207477af64b7dce8f5178553e00d7731cab9edba37c2c26ece9c65cf5bad4230bd6af2d053f22860e48c09fd3dffcf90d300340cbc2bcfe9afef38e0146debb14766a41b2f8e6266c74392a06424000000021554549029c725d946f1bbcf8c23a45b64ce02fe43275034850893e0d07d74b04a2e560cb4716d87913510933199092cb33dcb6681b81d272b81485506c83e9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD62DAE1-70DA-11EF-AA6F-523A95B0E536} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1980	iexplore.exe
1980	iexplore.exe
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1892	1980	iexplore.exe	31
PID 1980 wrote to memory of 1892	1980	iexplore.exe	31
PID 1980 wrote to memory of 1892	1980	iexplore.exe	31
PID 1980 wrote to memory of 1892	1980	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dc162b56a006088dd622eccf021aa6ef_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
980b5b89f3feafd1b8f040202540da3b

SHA1
4283036404be4ea16b39371d54d92ba67c43fc5d

SHA256
c1389969acad21389c6ffbab62208584ef58add4806a01ebb99cf91d03390a88

SHA512
40cb05f50866742720cc6c4e87e851b50daf13707b817f5d549a923ba040dd0e8fc1e64501ce7e0d7740b2925f076671fa06faa97b4a718e68980be507d99fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
220f60b721cbc36e7abad979c5e470c3

SHA1
68a3f0664443a03fac20383f477325c654f0659d

SHA256
ca0e91e912e187121b5501b1807b4d6b8343963a98fd448ece95dd82b05abbd4

SHA512
602069082935cc8a3c0ac8015af4e9f2d4e423ffec9141a5f718edf4bdec6e5edee96db591c4471f62a0949dd865532ec7b0d8a533c9b7f5029a2094f6dc48d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5e6f79510247039ec9b29d9adc7eedf

SHA1
6938ffc9e21214b390040c937d4074da53d198b2

SHA256
b4d722e2cefa4a6fb7a0d6b3a66674df21a9814706461104bf2a9e77c97b9656

SHA512
d8f3aef3fe2704fb0e242186416ed57ab80f69388e6a2e87f6849886e1bfa76305e823cc9c1fe6b073562fceb542a8453522d071fbfe3c582857e73b4b761d39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4b38fff7a423ee752ce171e68811d74

SHA1
48ff386beda634bb6dfea2648b295e9cae49c183

SHA256
2f527b8f1101e7e7ad5d8d3bc6f37f66be5224e3c5788084277d5174bf5d9383

SHA512
571cba33fd35cde18128212bb59f5d98995af33084e7fc520b0d4dcabf0b9f9212d969df0ead914c60464fc65903f535b9eff5c10ef99a5f06ba92b235cb9838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d556d06a1f967ad04f555684d4df2f64

SHA1
29d079c5605333b7fa22bab203718b8cdd7242b6

SHA256
10289edc787bf6fff592121b50138fe8982ac5725faf29eed3be514866f4f415

SHA512
180cf59ef08b7f4100228fdc03cc9ac153d78309e28254a5cb22179793c2964933908a8dd107f47f68ff34fc94e4957a292b07548ddca0a0dea3e794a37e434c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff3df5ceb8cdb91f5879681ce20faaca

SHA1
33a9142a637f573e97c7ddbdd551b55460d20d6e

SHA256
dd7a6f4310f083f93374c0bbde21100e4f88bd302ea909e2c11b7888fa5d81dc

SHA512
e77b02a6195df5684fc9b658d1cef7ca6dca20e4914ebd26bfb9f642df821ea87d81d4931cccea7bb0811f6bb7945ebfe0cbb2275d426d1daa628a26d3b9086c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ae03a311490228be9fd85b8f1a3a999

SHA1
baf9dc4bd6c4fb9f5024ceefd09c2f149fe31fb0

SHA256
5cb3276baf205715dd6ffdd9d42a454e25398998978140702743fc86f1a32055

SHA512
8ab9ddb04a6180715811023ce38ac05c602c82a927a518190ce807ad045f9998dcf7a9701b6ebaebe1b0823339f071d156bf3b78bff36873489d3b1965ec4245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8848cb8a7ff9e843b4845134c7cf1361

SHA1
831a3b272d3862ce78a637e3e37bec637976ee1e

SHA256
459228e3e3bcfcfc0e9d5c1f994b93c79a6792596245d8577041d632ab822aa4

SHA512
2d0c7510949367210666c603bdc229e14d97411927010a9584faa59c81ab308543e26501dc2b93a603f35d8c2f4061e0c05a56623228efef4418b44c16c7ad26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb64bf4c2402a2557faac7d6a09461b0

SHA1
feffc6c0b37dcf7a18812026e02517cddda152e5

SHA256
55f54a9c85b9016b59ad9b48cf99a564133aad045084e1f95095361ebc090c4b

SHA512
a69660e96170a7c8aaef0505d3ca4e34dec6f60d235cdffc0b217cc29e170473ed7419acf06b57e483cf68d92555bda90c3320338144293fbf56ae40cbbf85df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09e07a61c93a95a2ed4bf4807f326a62

SHA1
1c3bf2f278ab96d62a18b970046a451a0d2a30e7

SHA256
da30f8811e57cbd09ba743c73a4e1fea089a90faf64b965318469e9fd7a9ae59

SHA512
67f8099d1b40f19e22c4a693c4f428aae09d29f8812005378bad05c12072ec73d3f11c0fa3b24b5519a2570655aa3eb6fab172c0ceab48345a0380268d902388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8afe726852b98493af1f6df6761b9630

SHA1
c515fa9c57219314a0b8f4da385046ad7f370057

SHA256
68645f4d02a71bacbe955df57f47bbf1426d113f15964af434c0cd86caefffac

SHA512
b56f46869bf23f673813c0bbaeee5646a375d7ec41b4a09267f34316ad62f5ae9720e8e89525f13bead01572a52107d445d19b15d209102550027b33317e7ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc9e46dfc5de4b5e533cff3deda36ba1

SHA1
53ddc3f49c5aa59a0f0dec919c299513330f43f3

SHA256
db4c59302fe92eedacfd11aaa662fcb8630901e7de9095d199420831c093d40b

SHA512
39d6a7b3eef2ffd8eeaed0db0fb9a1414769fa278be46e1daf51012ef7a5786d8cd19316d4a4f026966ad67b8d12329d39c08edd9ebcc98b57ceb5b0e9ebfcb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a439ca64bd709ed2bc836ffe726f3d9a

SHA1
8b23f064a310e5adfb2dcb06cf4656ec27dc5c85

SHA256
d7c5493b1b591ebfd2221eca272d801daa7f7fbf0dd07aa5708cca257e60b7f8

SHA512
c4a837f7330e72f2fab2df6d8444a705c2546fb6ed76a3f1c06f6336c61689933f217a4a42873f75dfce2ead0f7322e4093240a46ed02e3574b53cbc7a31276a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2077ffd65e3c19f8d205557cf76f1361

SHA1
58d1b881f6cdca07dedf59701fcdafd48f068225

SHA256
46e8c62357cb40e6d80957e73360f36609a549afcc8837aad305d4a86e3b01d3

SHA512
b9c028f8391ccd8cc91b261202475b5fb329b2c7d9ee1976be24167123c86033220d3ae89719c54c92bab1d6f355205b18940d8600d0defcadc26b23d3ece343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6165b0860a0622292fbac7f05e0791c

SHA1
baa6c1bc1042de32ed33973f95450b514c92c16c

SHA256
2640b57bb932a5f826670bdcfa25d88a8f2d0ca27e7a12ef5bd42749f4685861

SHA512
4a7f46e41cff628849a0852f45edd844280c1becd82b79c95820adc6a00cc4045177b8a9ca43b4df4611bbf230eaad5a235099b7c77043a3eca24519b326a391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0082210ff6cb35db726afffafe9ffefe

SHA1
74ed5b8baf5b775cfc6c1bc1f94d301680c65961

SHA256
58feef701d58dc5b9428a28fa72bf663a945ab08844edb87d0db3423acd51ba4

SHA512
d1f1b95ad1c53303546777adb50d616f99cc87fbc33ba4669de4eb209614d2525e7db1b79035b5c9bbab3cf23ff6a2daaca56293e575016d273f75f0fd9eae46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
774523035e3c7311a411b78b18e17c8f

SHA1
f98151f760882679ca541d2555ca3ccd4ab5bb45

SHA256
830271f85905b42e52704e299dcbeb6bb1ac34bd276bad5a1f4628fff99fcc0e

SHA512
84897f59dc6dbff837683ee004bd63d653ada1ef0b519baeef605b10b4c165c9cf77026969c0350ccfc496c32d7591f189abbbf0efe3d7d9d605b8ad87b361b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD6C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE3A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit